NTT-AT to launch an authentication system that integrates smartcard and fingerprint authentication

In any system that provides access to database or to network services, it has become imperative to build a high security mechanism by incorporating secure personal authentication. Authentication by fingerprint is known for its high security and low cost. Our new product, MUSB200-COMBO, checks a person's fingerprint against the one registered in his or her smartcard, to provide easy-to-use and inexpensive authentication, which prevents confidential information from being disclosed or tampered with through unauthorized access.

Background and history

Long aware of the importance of security, NTT-AT has been developing and offering various security products and services. The company is now adding a new line, MUSB200-COMBO, a fingerprint authentication product by M-Commerce, which uses a capacitance semiconductor sensor to detect a fingerprint. The use of this sensor has reduced the size and cost of the device to almost half those of the existing ones. In addition, the authentication algorithm offered by M-Commerce is the smallest, fastest and most accurate in the world. This product requires only one-third or one-fifth of the memory required by competitive products for storing fingerprint data, thus allowing the memory area of the smartcard to be used efficiently.

NTT-AT will target e-commerce and electronic government at both national and local levels, where personal authentication is expected to gain in importance. The company will offer integrated systems combining its authentication mechanism with various applications and projects the sales of 10 systems worth 200 million yen in its initial year.

Characteristics and advantages of the authentication system

1. Since fingerprints are used for authentication, complicated management and storing of passwords and PINs (Personal Identification Number) are unnecessary, and yet high security is assured.
2. Since fingerprint and other personal information is confined in the smartcard, privacy of individuals is well protected.
3. The individual fingerprint data (template) stored in a smartcard is as small as 300 bytes. Therefore, the memory of the smartcard can be used efficiently.
4. A part of the template can be made a common specification to be shared by systems offered by other companies, either in Japan or abroad.
5. Since the system conforms to the standard smartcard defined in ISO7816^*1, it can be applied to a majority of smartcard systems currently in place, such as employee ID cards, seal-impression registration cards, and credit cards.
6. By associating the fingerprint information with the secret key stored in a smartcard, highly reliable PKI^*2 services or digital signature services can be provided.
7. Since we will also offer the software for writing fingerprint templates and other personal information (digital signature, secret key, etc.) on the smartcard, local governments and corporations can easily build a certificate authority system.

Main specification of the product

Fingerprint sensor	Capacitance semiconductor sensor Resolution 500dpi (300 × 256 pixels)
Smartcard	ISO7816 compliant
Interface	USB Version1.1
External dimension	53 mm × 106 mm × 32 mm (about 145 g, not including cable)
Electric current	150 mA or less
Operating Systems	Microsoft Windows 98SE/Me/2000/XP
Authentication mechanism	The characteristics of the fingerprint read by the sensor are compared with the fingerprint template stored in the smartcard.
Maximum number of fingerprints that can be stored	4 fingerprints per smartcard
Probability of rejection	0.1% or less
Tolerance for incorrect identification	0.001% or less
Time required for authentication	1 second or less

Price

• Personal authentication device, MUSB200-COMBO: open price.
• Related applications: please contact us.

Glossary

*1: ISO7816

An international standard established by the Standard Study Committee of the ISO (International Organization for Standardization) to ensure physical and functional compatibility of smartcards with external pins. The ISO7816 assumes no specific applications and defines physical features of the smartcard, the communication protocol used between the smartcard and the reader/writer etc., which are described in 11 parts.

A pole used for both power and telecommunications cables.

*2: PKI

Public Key Infrastructure. It is a generic term referring to technologies or products that use public key encryption. It encompasses public key encryption technologies, such as RSA and Elliptic Curve Cryptography, Web servers or browsers using SSL, encrypted E-mail using PGP, and servers for building certificate authorities that issue digital certificates.